Menu
▾
▴
[Collective-checkins] r25876 - in SignupSheet/trunk: . Extensions content skins/SignupSheet
|
From: aaronv <svn...@pl...> - 2006-07-07 20:10:29
|
Author: aaronv
Date: Fri Jul 7 20:10:18 2006
New Revision: 25876
Modified:
SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py
SignupSheet/trunk/README.txt
SignupSheet/trunk/content/signupsheet.py
SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt
SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt
Log:
Fixed workflow bug for registrants that allowed anon to view pending registrant
Added conditional for editable border for signup sheet so anon does not see plone interface
Removed redundant manage link for signup sheet
Added proper permissions for export and schema edit methods on signupsheet
Updated README to reflect changes
Modified: SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py
==============================================================================
--- SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py (original)
+++ SignupSheet/trunk/Extensions/signupsheet_registrant_workflow.py Fri Jul 7 20:10:18 2006
@@ -36,7 +36,7 @@
wf.variables.addVariable(v)
for l in []:
wf.worklists.addWorklist(l)
- for p in ('Delete objects', 'Modify portal content', 'SignupSheet: Add Registrant'):
+ for p in ('Delete objects', 'Modify portal content', 'SignupSheet: Add Registrant','View'):
wf.addManagedPermission(p)
@@ -50,6 +50,7 @@
sdef.setPermission('Delete objects', 0, ['Anonymous', 'Manager', 'Owner'])
sdef.setPermission('Modify portal content', 0, ['Anonymous', 'Manager', 'Owner'])
sdef.setPermission('SignupSheet: Add Registrant', 0, ['Anonymous', 'Manager', 'Owner'])
+ sdef.setPermission('View', 1, [])
sdef = wf.states['confirmed']
sdef.setProperties(title="""Confirmed""",
@@ -57,6 +58,7 @@
sdef.setPermission('Delete objects', 0, ['Manager'])
sdef.setPermission('Modify portal content', 0, ['Owner', 'Manager'])
sdef.setPermission('SignupSheet: Add Registrant', 1, [])
+ sdef.setPermission('View', 0, ['Manager'])
sdef = wf.states['unconfirmed']
sdef.setProperties(title="""Unconfirmed""",
@@ -64,6 +66,7 @@
sdef.setPermission('Delete objects', 0, ['Manager'])
sdef.setPermission('Modify portal content', 0, ['Owner', 'Manager'])
sdef.setPermission('SignupSheet: Add Registrant', 1, [])
+ sdef.setPermission('View', 0, ['Manager'])
## Creation of workflow scripts
Modified: SignupSheet/trunk/README.txt
==============================================================================
--- SignupSheet/trunk/README.txt (original)
+++ SignupSheet/trunk/README.txt Fri Jul 7 20:10:18 2006
@@ -71,7 +71,6 @@
o It is possible to prematurely fill up registration by malicious user.
- o SignupSheet view displays portions of the Plone editing interface, such as the view tab.
Authors
Modified: SignupSheet/trunk/content/signupsheet.py
==============================================================================
--- SignupSheet/trunk/content/signupsheet.py (original)
+++ SignupSheet/trunk/content/signupsheet.py Fri Jul 7 20:10:18 2006
@@ -1,6 +1,6 @@
#CMF
from Products.CMFCore.utils import getToolByName
-from Products.CMFCore.CMFCorePermissions import View, ModifyPortalContent
+from Products.CMFCore.CMFCorePermissions import View, ModifyPortalContent, ManagePortal
from Products.CMFPlone.interfaces.NonStructuralFolder import INonStructuralFolder
#ArcheTypes
@@ -18,9 +18,7 @@
from Products.ATContentTypes.content.folder import *
#security
-from Products.CMFCore import CMFCorePermissions
from AccessControl import ClassSecurityInfo
-security = ClassSecurityInfo()
#need this for the export tool
@@ -101,9 +99,9 @@
#setup actions for edit and export tools
actions = ({
'id' : 'editschema',
- 'name' : 'edit schema',
+ 'name' : 'edit registrant form',
'action' : 'string:${object_url}/signupsheet_schema_editor',
- 'permissions' : (ModifyPortalContent, ),
+ 'permissions': ('Manage portal',),
'category' : 'object',
},
{
@@ -117,11 +115,12 @@
'id' : 'exportdata',
'name' : 'export data',
'action' : 'string:${object_url}/export_registrant_fields',
- 'permissions' : (ModifyPortalContent, ),
+ 'permissions': ('Modify portal content',),
'category' : 'object',
},
)
+ security = ClassSecurityInfo()
schema = schema
portal_type = meta_type = "SignupSheet"
@@ -162,7 +161,7 @@
#Code from UpFront objs product
- #security.declareProtected(CMFCorePermissions.ModifyPortalContent, 'exportCSV')
+ security.declareProtected(ModifyPortalContent,'exportCSV')
def exportCSV(self, objs=None, fields=None, delimiter='comma',
quote_char='double_quote', coding=None,
export_type='Person'):
@@ -249,6 +248,7 @@
return result
#used by export_registrant_fields to gather fields for export
+ security.declareProtected(ModifyPortalContent,'contactTypeFieldNames')
def contactTypeFieldNames(self, import_type):
"Returns the field names for contact type"
Modified: SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt
==============================================================================
--- SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt (original)
+++ SignupSheet/trunk/skins/SignupSheet/signupsheet_view.pt Fri Jul 7 20:10:18 2006
@@ -6,10 +6,13 @@
metal:use-macro="here/main_template/macros/master">
<head><title></title>
-<!-- this little trick keeps the editing border from showingup -->
+<!-- this little trick keeps the editing border from showing up -->
+<metal:block fill-slot="top_slot"
+ tal:define="border python:test( here.portal_membership.isAnonymousUser(), 'disable_border', 'ignore' );
+ dummy python: request.set(border,1) " />
+
+
-<!-- <metal:block fill-slot="top_slot"
- tal:define="dummy python: not request.set('disable_border',-1)" /> -->
</head>
<body>
<div metal:fill-slot="main">
@@ -20,7 +23,7 @@
</div>
<div class="formControls">
<div tal:condition="python: user.has_permission('SignupSheet: Add SignupSheet', here)">
- <a href="signupsheet_schema_editor">manage signup sheet</a>
+ <!--<a href="signupsheet_schema_editor">manage signup sheet</a>-->
</div>
<br />
<h1 tal:content="title_string | here/title_or_id" />
Modified: SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt
==============================================================================
--- SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt (original)
+++ SignupSheet/trunk/skins/SignupSheet/sus_atse_macros.pt Fri Jul 7 20:10:18 2006
@@ -215,7 +215,7 @@
<tal:if condition="not:here/atse_isTool">
<a href="#"
tal:attributes="href string: ${here/absolute_url}/atse_updateManagedSchema?portal_type=$SCHEMA_ID&schema_template=$SCHEMA_TEMPLATE"
- i18n:translate="update_schema_for_all_schemas" onclick="javascript:if (!confirm('Really update all associated objects? This operation cannot be undone!')) {return false;}">Update schema for all managed schemas</a><br/><br/></tal:if>
+ i18n:translate="update_schema_for_all_schemas" onclick="javascript:if (!confirm('Really update all associated objects? This operation cannot be undone!')) {return false;}">Update fields for all registrants</a><br/><br/></tal:if>
<!--<a href="#"
tal:attributes="href string: ${here/absolute_url}/atse_updateManagedSchema?portal_type=$SCHEMA_ID&schema_template=$SCHEMA_TEMPLATE&update_all=1"
i18n:translate="update_schema_for_really_all_schemas" onclick="javascript:if (!confirm('Really update all objects in portal (even unmanaged ones)? This operation cannot be undone!')) {return false;}">Update schema for all objects in portal (even unmanaged ones)</a>-->
|